Cyber Posture

CVE-2025-7401

Critical

Published: 11 July 2025
Modified: 15 April 2026
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0188 (83.3rd percentile)
Risk Priority: 21 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-7401 is a critical-severity Use of Hard-coded Credentials (CWE-798) vulnerability; the affected product is recorded as Codecanyon (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 16.7% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and CM-11 (User-installed Software).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: Requires timely patching of the vulnerable plugin versions (up to and including 3.0.2) to eliminate the arbitrary file read/write vulnerability in remote_tunnel.php.

CM-11 (User-installed Software), prevent: Prohibits unauthorized installation of third-party WordPress plugins like Premium Age Verification, preventing deployment of components with unprotected remote support functionality.

AC-14 (Permitted Actions Without Identification or Authentication), prevent: Explicitly defines and restricts permitted actions without authentication, preventing unauthenticated arbitrary file read/write via the remote_tunnel.php endpoint.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.

Why these techniques?

The vulnerability in a public-facing WordPress plugin enables remote unauthenticated arbitrary file read/write (via hard-coded credentials), directly facilitating initial access via T1190 and web shell deployment (T1505.003) for RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

The Premium Age Verification / Restriction for WordPress plugin for WordPress is vulnerable to arbitrary file read and write due to the existence of an insufficiently protected remote support functionality in remote_tunnel.php in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to read from or write to arbitrary files on the affected site's server which may make the exposure of sensitive information or remote code execution possible.

Deeper analysis

CVE-2025-7401 affects the Premium Age Verification / Restriction for WordPress plugin in all versions up to and including 3.0.2. The vulnerability stems from insufficiently protected remote support functionality in the remote_tunnel.php file, enabling arbitrary file read and write operations on the affected WordPress site's server. This issue is classified under CWE-798 (Use of Hard-coded Credentials) and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high confidentiality, integrity, and availability impacts.

Unauthenticated attackers can exploit this vulnerability remotely with low complexity and no user interaction required. By leveraging the unprotected remote_tunnel.php endpoint, they can read sensitive files or write arbitrary content to the server, potentially exposing configuration data, user credentials, or other confidential information. In scenarios where attackers write executable files, such as PHP webshells, this could lead to remote code execution, granting full server compromise.
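The two checks a defender wants from the paragraphs above are (1) whether an installed plugin version falls in the affected range (all versions up to and including 3.0.2) and (2) whether the web server has already received requests for the remote_tunnel.php endpoint. The following Python is an added example written for this page; it is not code from Cyber Posture, Wordfence, or the plugin. It assumes Apache/nginx "combined" access log format, and the plugin directory name in the constructed log lines is a placeholder (PLUGIN-SLUG-PLACEHOLDER), since the page does not state the real slug.

```python
import re
from collections import Counter

# Affected range from the advisory text: all versions up to and including 3.0.2.
AFFECTED_MAX_VERSION = (3, 0, 2)
# File name named in the NVD description; the plugin directory is NOT on the page.
ENDPOINT = "remote_tunnel.php"

# Combined log format: ip ident user [time] "METHOD path proto" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_version(version: str) -> tuple:
    """'3.0.2' -> (3, 0, 2); tolerates a leading 'v' and missing components."""
    version = version.strip().lstrip("vV")
    return tuple(int(part) for part in version.split(".") if part.isdigit())


def is_affected(version: str) -> bool:
    """True when the installed version is <= 3.0.2 (Python tuple comparison,
    so '2.9' -> (2, 9) compares below (3, 0, 2) and '3.1' -> (3, 1) above it)."""
    return parse_version(version) <= AFFECTED_MAX_VERSION


def find_tunnel_requests(lines):
    """Return one dict per access-log line whose request path ends in the
    remote_tunnel.php endpoint. Query strings are stripped before matching so
    a request with parameters is still caught; lines that do not parse are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]
        if path.lower().endswith("/" + ENDPOINT):
            hits.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "method": m.group("method"),
                "path": path,
                "status": int(m.group("status")),
            })
    return hits


def requests_per_source(hits) -> Counter:
    """Count endpoint hits per client IP; a useful pivot for triage."""
    return Counter(h["ip"] for h in hits)


# Constructed sample log lines (not real traffic); IPs are from documentation ranges.
SAMPLE_LOG_LINES = [
    '203.0.113.7 - - [12/Jul/2025:03:14:15 +0000] "POST /wp-content/plugins/PLUGIN-SLUG-PLACEHOLDER/remote_tunnel.php HTTP/1.1" 200 512 "-" "curl/8.4.0"',
    '198.51.100.3 - - [12/Jul/2025:03:15:01 +0000] "GET /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Jul/2025:03:16:42 +0000] "GET /wp-content/plugins/PLUGIN-SLUG-PLACEHOLDER/remote_tunnel.php?x=1 HTTP/1.1" 200 2048 "-" "curl/8.4.0"',
    'this line is not in combined log format and is skipped',
]

if __name__ == "__main__":
    for v in ("3.0.2", "3.0.3"):
        print(f"version {v}: {'AFFECTED' if is_affected(v) else 'not affected'}")
    hits = find_tunnel_requests(SAMPLE_LOG_LINES)
    for h in hits:
        print(f"{h['time']} {h['ip']} {h['method']} {h['path']} -> {h['status']}")
    print(dict(requests_per_source(hits)))
```

Any hit on the endpoint from an unauthenticated source on an unpatched site should be treated as a potential file read or write and followed up by checking file integrity under the web root; the version check alone does not tell you whether the endpoint was already reached.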

Advisories, including those from Wordfence, provide further details on the vulnerability. Mitigation guidance and patch information can be found in the referenced sources, such as the Wordfence threat intelligence page and the plugin's Codecanyon listing.

Details

CWE(s)

CWE-798 Use of Hard-coded Credentials

Affected Products

Codecanyon
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2020-36911 (shared CWE-798)
CVE-2026-27073 (shared CWE-798)
CVE-2026-32834 (shared CWE-798)
CVE-2026-30701 (shared CWE-798)
CVE-2025-42890 (shared CWE-798)
CVE-2026-35503 (shared CWE-798)
CVE-2025-1393 (shared CWE-798)
CVE-2026-25202 (shared CWE-798)
CVE-2024-8893 (shared CWE-798)
CVE-2025-69971 (shared CWE-798)

References